Web application security - the fast guide 1.1 | Page 85

Chapter 4 - Be the attacker

4.17 QUIZ:

1. What is true concerning when, where and what attackers normally strike:
   a. Attackers normally attack high importance web applications.
   b. Home, business or enterprise machines anywhere can be a target to attackers.
   c. Closure time is the best time attacker might think it worth
   d. All Targeting network layer attacks are much easier than going through application level attack.

2. Why an attacker might think of attacking a trivial insignificant target:
   a. To use as a spam source.
   b. To use it as skin to hide his tracks.
   c. To have fun
   d. All the above

3. Attackers' main motivation usually is:
   a. Make money
   b. Disturb and vandalize
   c. Test their skills and prove they can
   d. All the above

4. Select what is true concerning the attacking process:
   a. Mapping as a phase depends on previous phases like Analyze phase to specify what, when and how to attack.
   b. Track coverage is only necessary at the end of execution phase.
   c. As the first phase of attack process, Execution phase focuses on collecting information using search engines.
   d. Analysis phase depends on all inputs from mapping phase to create a full picture about the targeted system and its vulnerabilities.

5. All information about mapping type of used web server are correct EXCEPT:
   a. Web server type can be guessed by analyzing server signature using statistical methods
   b. Banner sent by server is the ultimate way to get the type of used web server as it is the piece of information that cannot be altered.
   c. Used index information stored about the server using an online tool like SHODAN
   d. The usage of special server side technologies like asp.net or PHP cannot give a precise guess of type of used server